Ascend Pipeline 130
Installing Packet Filters
Filters are located under the Ethernet menu.
The Ascend has three filter sets, each consisting of 12 input filters and 12 output filters.
- Select the IP call filter. You can change the name of the filter if you want.
- Select input or output.
- Select which input filter you want to edit: 01-12
To apply the filter:
- Go to the Ethernet menu.
- Go to the connections menu.
- Go to the FR menu.
- Go under session options and put the number of the filter you want to use in both the call filter and the data filter. For example, if you want to use filter set 20-401, then put 1 in the field.
- Set valid=yes (This is the only way you can edit the filter.)
- Set Type=IP (You shouldn't use generic for internet traffic.)
- Set Forward to yes for permit or no for deny.
What follows is a setup that allows mail, outgoing FTP, outgoing telnet, and DNS.
Note: If you set up input filters, you must set up at least one output filter allowing everything; otherwise the Ascend will block all outbound traffic.
#The following filters are for incoming packets.
#We should not see our ip address as a source address on
#incoming packets.
In filter 01
Ip...
Forward=No
Src Mask=255.255.255.0
Src Adrs=Network Number
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=6 (tcp)
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Filter 02 allows any tcp established.
In filter 02
Ip...
Forward=yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=Yes
#Filter 03 allows icmp.
In filter 03
Ip...
Forward=yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=1
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Filter 04 is for udp for DNS.
In filter 04
Ip...
Forward=Yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=17
Src Port Cmp=Eql
Src Port #=53
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Filter 05 is for smtp mail.
In filter 05
Ip...
Forward=Yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=25
TCP Estab=No
#Filter 06 is for FTP-data.
In filter 06
Ip...
Forward=Yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=6
Src Port Cmp=Eql
Src Port #=20
Dst Port Cmp=Gtr
Dst Port #=1023
TCP Estab=No
#Filter 07 is for FTP.
In filter 07
Ip...
Forward=Yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=21
TCP Estab=No
#Filter 08 is for WWW
In filter 08
Ip...
Forward=Yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=255.255.255.0
Dst Adrs=Network Number
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=80
TCP Estab=No
#Filter 09 denies all ip
In filter 09
Ip...
Forward=no
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=0
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Now onto output filters.
#Filter 01 allows all tcp.
Out filter 01
Ip...
Forward=yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Filter 02 allows all udp.
Out filter 02
Ip...
Forward=yes
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=17
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=No
#Filter 03 allows outgoing icmp
Out filter 03
Ip...
Forward=yes
Src Mask=255.255.255.0
Src Adrs=Network Number
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=1
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=Yes
#The following filter is redundant and is there simply to
#ensure that this service is allowed.
#Filter 04 allows mail.
Out filter 04
Ip...
Forward=yes
Src Mask=255.255.255.0
Src Adrs=Network Number
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=6
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=25
TCP Estab=No
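
Added example (not part of the original page and not Ascend code): a small Python model of the input filter set above, for checking which filter decides a given packet before the set is loaded on the router. It assumes first-match evaluation, that a 0.0.0.0 mask and Protocol=0 match anything, and that a packet matching no filter is discarded; 192.0.2.0 is a constructed stand-in for "Network Number".

```python
import ipaddress

NET, ANY, M = "192.0.2.0", "0.0.0.0", "255.255.255.0"  # NET: constructed stand-in

def rule(fwd, smask, sadr, dmask, dadr, proto, scmp=None, sport=0,
         dcmp=None, dport=0, estab=False):
    """One IP filter entry, field for field as listed on the page."""
    return dict(fwd=fwd, smask=smask, sadr=sadr, dmask=dmask, dadr=dadr,
                proto=proto, scmp=scmp, sport=sport, dcmp=dcmp, dport=dport,
                estab=estab)

# Input filters 01-09 transcribed from the page.
INPUT = [
    rule(False, M, NET, ANY, ANY, 6),                         # 01 own source (TCP)
    rule(True, ANY, ANY, M, NET, 6, estab=True),              # 02 established TCP
    rule(True, ANY, ANY, M, NET, 1),                          # 03 ICMP
    rule(True, ANY, ANY, M, NET, 17, "Eql", 53),              # 04 UDP from port 53
    rule(True, ANY, ANY, M, NET, 6, dcmp="Eql", dport=25),    # 05 SMTP
    rule(True, ANY, ANY, M, NET, 6, "Eql", 20, "Gtr", 1023),  # 06 FTP-data
    rule(True, ANY, ANY, M, NET, 6, dcmp="Eql", dport=21),    # 07 FTP
    rule(True, ANY, ANY, M, NET, 6, dcmp="Eql", dport=80),    # 08 WWW
    rule(False, ANY, ANY, ANY, ANY, 0),                       # 09 deny all IP
]

def _ip(a):
    return int(ipaddress.IPv4Address(a))

def _addr_ok(pkt, mask, adrs):
    return (_ip(pkt) & _ip(mask)) == (_ip(adrs) & _ip(mask))

def _port_ok(cmp_, want, got):
    if cmp_ is None:
        return True
    return got == want if cmp_ == "Eql" else got > want  # "Eql" or "Gtr"

def evaluate(rules, src, dst, proto, sport=0, dport=0, estab=False):
    """Return (filter number, forwarded) for the first filter that matches."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in (0, proto)
                and _addr_ok(src, r["smask"], r["sadr"])
                and _addr_ok(dst, r["dmask"], r["dadr"])
                and _port_ok(r["scmp"], r["sport"], sport)
                and _port_ok(r["dcmp"], r["dport"], dport)
                and (estab or not r["estab"])):
            return n, r["fwd"]
    return None, False  # assumption: unmatched packets are discarded

if __name__ == "__main__":
    # Constructed packet: inbound telnet connection attempt from outside.
    print(evaluate(INPUT, "203.0.113.5", "192.0.2.10", 6, 40000, 23))
```

Under this model, filter 01 matches Protocol=6 only, so its source-address check covers TCP but not UDP or ICMP: a UDP packet carrying an inside source address and source port 53 is decided by filter 04, not filter 01.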